Turning off DNS Recursion Features on Linux servers

If DNS Recursion is turned on, you are exposed to the “DNS Amplification Attack”  attacks. This attack is also known as a DNS-powered DDOS attack. For this reason, DNS Recursion should be turned off and we will see how to do this. Assuming you are more or less familiar with the consequences of a DDOS attack, what is DNS Amplification Attack? I leave here a beautiful video explaining the situation without drowning in too much detail.

Is the Recursion feature on / off now on the corresponding DNS server? Let’s test it by sending queries from any user machine. I am a client user in Linux. In fact, we can look at the configuration file of the DNS server and understand that this is already going to be done in the conf file of the DNS server.

I will do the test with the command ap “nmap”.

As can be seen from the above ss, the DNS Recursion feature is on and vulnerable to DNS Amplification Attack. Now let’s disable Recursion from the file  “/etc/named.conf” .

To disable the Recursion feature, the line “recursion no;” . Must be added to the “options” section of the et  “/etc/named.conf” file. It is also shown ss below.

Now let’s test again with our “nmap” command and see the last state of recursion.

 

As can be seen from above, the recursion feature is passive.

I hope it has been a useful article.